Scenario testing is a core component of operational resilience, enabling Bank Islam to assess whether its Deposit and Withdrawal Services can continue to be delivered within acceptable impact tolerances during severe but plausible disruptions.
This chapter applies scenario testing to CBS-1 by examining how failures across people, process, technology, third parties, and cyber-ICT domains could disrupt customer access to funds.
The scenarios are designed to test not only system recovery, but also decision-making, communication, fraud response, and service continuity under stress—consistent with regulatory expectations for Islamic financial institutions operating in a highly digitalised environment.
|
Sub-CBS Code |
Sub-CBS |
Recommended Scenario Test Themes (incl. Cyber & ICT Risk Integration) |
Impact / Effect |
Evidence of Proactive Risk Management Action |
|
1.1 |
Cash Deposit at Branches |
Branch system outage combined with core banking connectivity failure and ransomware infection on teller terminals |
Inability to accept cash deposits; manual fallback errors; customer dissatisfaction and reputational risk |
Branch contingency procedures tested; offline deposit forms pre-approved; staff trained on cyber incident response and escalation |
|
1.2 |
Deposit via ATMs |
ATM network disruption due to telecom failure and malware attack on the ATM middleware |
Failed or delayed deposits; reconciliation backlogs; customer complaints and regulatory scrutiny |
ATM cybersecurity controls tested; dual-vendor telecom resilience; automated reconciliation and customer notification procedures |
|
1.3 |
Online / Internet Banking Deposits |
Distributed Denial-of-Service (DDoS) attack coinciding with the peak salary crediting period |
Customers are unable to deposit or transfer funds digitally; liquidity stress perception |
DDoS mitigation testing; traffic throttling and failover channels validated; crisis communication playbooks exercised |
|
1.4 |
Cash Withdrawal at Branches |
Staff unavailability due to a pandemic-like event, combined with system latency in branch platforms |
Delayed cash withdrawals, increased queue times, and potential breach of service expectations |
Cross-trained staff deployment plans; priority customer handling tested; branch workload redistribution scenarios rehearsed |
|
1.5 |
ATM Withdrawals |
Regional power outage and ATM switch failure affecting multiple districts |
Large-scale inability to withdraw cash; heightened public concern and reputational damage |
Cash-in-circulation stress tests; mobile ATM deployment plans; coordination with utility providers tested |
|
1.6 |
Online / Internet Banking Withdrawals |
Core banking system failure triggered by a failed patch deployment and a cyber configuration error |
Customers are unable to transfer or withdraw funds digitally; potential financial hardship |
Change management stress testing; rollback procedures validated; cyber-ICT governance and approval checkpoints strengthened |
|
1.7 |
Failed Deposits or Withdrawals |
Transaction posting failures due to database corruption following a cyber intrusion |
Customer balances are inaccurate; disputes and regulatory risk |
End-to-end reconciliation scenario testing; automated exception handling; customer redress mechanisms rehearsed |
|
1.8 |
Fraud Detection and Prevention |
Spike in mule account activity and social engineering fraud during system disruption |
Financial loss to customers; erosion of trust; Shariah governance concerns |
Fraud surge simulations conducted; real-time monitoring thresholds adjusted; coordination between IT, fraud, and customer service tested |
Through structured scenario testing of CBS-1 Deposit and Withdrawal Services, Bank Islam can demonstrate its ability to anticipate, withstand, respond to, and recover from operational disruptions that matter most to customers and regulators.
By explicitly integrating cyber and ICT risks into service-level scenarios, the bank moves beyond traditional IT recovery testing toward true operational resilience.
The evidence of proactive risk management actions—such as tested fallback arrangements, cross-functional coordination, and customer communication readiness—supports a strong resilience posture and reinforces confidence in Bank Islam’s ability to safeguard uninterrupted access to funds under severe but plausible conditions.
|
Implementing Operational Resilience for Bank Islam: Aligning with BNM and Global Best Practices |
|||||
| eBook 3: Starting Your OR Implementation |
|||||
| CBS-1 Deposit, Savings, and Current Account Services | |||||
| CBS-1 DP | CBS-1 MD | CBS-1 MPR | CBS-1 ITo | CBS-1 SuPS | CBS-1 ST |
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
|
If you have any questions, click to contact us. |
||
|
|